Fedora 31 will likely be enabling various GCC security hardening flags by default in trying to further enhance the security of the software in its repositories and those building software on their own Fedora systems.

While Fedora generally leads the way with low-level innovations to the Linux stack thanks to Red Hat, in this case they are a bit behind the ball for enabling these GCC security hardening flags. In fact, the flags they are planning to use by default are already the defaults on Ubuntu.

With Fedora 31 they would enable "-Wformat -Wformat-security -fstack-protector-strong" flags by default for checking printf/scanf calls to ensure a proper format string is specified and conversions are correct, warning about possible security problems for the formatted printing, and additional stack protector protections.

Fedora's build system already enables some security-related flags by default but this change would patch GCC to enable the functionality by default for all software built by GCC (assuming the opposite flags aren't set) to ensure all software being built on the Fedora 31 compiler would receive these hardening benefits.

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

The mission at Phoronix since 2004 has centered around enriching the Linux hardware experience. In addition to supporting our site through advertisements, you can help by subscribing to Phoronix Premium. You can also use our NewEgg.com shopping links when making online purchases or contribute to Phoronix through a PayPal tip.